OAuth 2.0 (RFC 6749) is a great authorization framework but it leaves much up to the imagination. Luckily, there are numerous extensions that expand, explain, and clarify the basic capabilities to build a robust and powerful suite of standards. That said, there’s one unobviously complex area which gets little attention: Scopes. What is an OAuth Scope? […]

API documentation comes in a variety of forms. You can find it in PDFs, HTML, or even a Postman collection that lets you play immediately. You can provide project examples, detailed blog posts, or video walkthroughs. There are tradeoffs to each. Regardless of how you deliver the documentation, all documentation falls into one of three buckets: […]

All opinions and analysis in this post reflect my experience and opinion, not those of current or previous employers. They did not review or approve of this in any form. For years I’ve advised everyone from solo developers to Fortune 50 companies on the best approaches to designing and building APIs in addition to numerous […]

I’ve been thinking about what Google looks like in five years. At a macro level, they have detailed information on every event, flight, hotel, and traffic, what could they do? Or at a micro level, they have the same information on more and more people plus detailed geo-data with our personal trackers.. er.. phones, what […]

We’ve heard that adage in reference to using Facebook, Twitter, and a variety of others for quite a few years. While it absolutely does apply for general web users, in the API space, it takes on a more sinister tone. When you’re working with an API, it’s usually because it makes a piece of your […]

Let’s get this out of the way upfront: Building API helper libraries is hard. When you think about it, that makes sense. The helper libraries rarely get the same time or attention as the API itself. They’re usually an afterthought. Even worse, most teams are usually only strong in one or two programming languages and dabble […]